Password entry system

ABSTRACT

The present invention relates to gaming apparatus ( 100 ) and methods ( 300 ) applicable to gaming apparatuses and systems. In particular a password entry method ( 300 ) and system ( 600 ) for authenticating a player&#39;s identity is disclosed in which a user&#39;s password can be defined using a set of elements ( 402 ) including a plurality of images ( 404 ) such as symbols or pictures.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.13/630,921, filed on Sep. 28, 2012, which is a continuation of U.S.patent application Ser. No. 11/913,917, filed on Mar. 27, 2008, nowissued U.S. Pat. No. 8,287,375 which claims priority to PCT Patentapplication No. PCT/AU06/00728, having a filing date of May 30, 2006,entitled “Password Entry System.” The above-identified applications arehereby incorporated herein by reference in their entirety.

FIELD OF THE INVENTION

The present invention relates to gaming apparatus and methods of gaming.In a preferred embodiment the present invention relates to a passwordentry method and system for authenticating a player's identity

BACKGROUND OF THE INVENTION

With the increase of gambling at gaming venues has come increasedcompetition between gaming venues to obtain a larger share of the totalgambling spend. Gaming venue operators have therefore continuouslylooked for new variations and types of games in order to attract bothnew and return customers to their venues.

In response to this need, suppliers of gaming devices and systems haveattempted to provide the sought after variety, while still developinggames that comply with the relevant regulations in the jurisdiction ofthe gaming venue operator. Suppliers of gaming devices therefore arefaced with restrictions on the types of games and gaming apparatus thatare allowable, both in terms of the prevailing regulations and in termsof providing a return on investment to the gaming venue operators.

In addition, it is important that a player be able to understand theoperation of a game quickly so that the player promptly feels that theyare in control of game play and can therefore extract maximumentertainment from the game.

Gaming apparatus and gaming systems are known which have player trackingsystems. Some player tracking systems are configured to allow players toidentify themselves by entering an alphanumeric password (and sometimesa username), either alone or in order to authenticate a playeridentification token, to establish the player's identity. For instance,in some gaming systems a player can establish and operate a financialaccount from which wagers are made or credits transferred to a gamingapparatus. These systems are typically configured such that a playermust enter a password to prove that the player is indeed who the playerclaims to be, prior to allowing access to the player's financialaccount.

In another example, a password may be used by a player to lock aapparatus that he or she is playing during a period in which theapparatus is unattended, for example during a toilet or smoking break.On return to the apparatus the player uses his or her password or PIN to“unlock” the gaming apparatus.

It has been found that, for convenience, players often choose shortpasswords or passwords that are easy for them to remember, such as theirname, the name of a family member, or simply the word “password”. As aresult of players' desire for convenient, easy to remember passwords,password authentication methods can be defeated relatively easily,either by trial and error or guesswork.

Any reference in this specification to the prior art does not constitutean admission that such prior art was well known or forms part of thecommon general knowledge in any jurisdiction.

SUMMARY OF THE INVENTION

The inventor has determined that people may be encouraged to use longerand hence more secure passwords if they are able to use images alone, orin combination with alphanumeric characters in forming a password.

Accordingly in a first aspect the present invention provides a method ofoperating a gaming apparatus configured to provide player access to oneor more gaming apparatus features, said method comprising:

-   (a) receiving at least a player password defined using password    elements selected from a set of elements including one or more    images;-   (b) determining whether the received password is valid; and-   (c) providing player access to at least one gaming apparatus feature    in the event that the received password is valid.

Preferably the one or more images are game-related images associatedwith a gaming apparatus feature accessible from the gaming apparatus.The set of elements can also include one or more characters. In apreferred embodiment the characters are selected from a character setincluding one or more of the following kinds of characters:

-   alphabetic characters;-   numerals;-   punctuation marks;-   typographical symbols.

In use, the gaming apparatus preferably provides player access to one ormore gaming apparatus features by way of at least one player interfaceincluding one or more game-related images, and wherein said set ofelements includes at least one of said game-related images.

The set of elements can include one or more icons representing agame-related image. which forms part of said at least one playerinterface.

In a preferred embodiment the set of elements includes one or moreimages selected from at least one of the following classes of images:

-   images representing the rank and/or suit of playing cards,-   images representing one or more symbols used on a reel of a spinning    reel game accessible on the gaming apparatus;-   images representing one or more symbols used in association with a    game accessible via another gaming apparatus;-   images representing animated characters;-   images associated with a theme of the gaming apparatus.

The method can also include, receiving a player name. In this case, step(b) can include determining whether the received password corresponds topassword associated with the received player name.

Step (b) can include comparing a cryptographic hash of the receivedpassword to a stored hash value to determine whether the receivedpassword is valid.

The method can also include:

-   (d) counting the number of invalid passwords received in a session;    and in the event that the number of invalid passwords received is    less than a predetermined number,-   (e) enabling receipt of a further player password; and-   (f) repeating steps (b) to (e).

In a further aspect the present invention provides a gaming apparatusconfigured to provide player access to one or more gaming apparatusfeatures, said gaming apparatus including:

a display and a game controller arranged to control images displayed onthe display,

-   a input interface to receive player inputs to the gaming apparatus    features accessible from the gaming apparatus; and-   a player authentication component configured to control access to at    least one gaming apparatus feature by a player; said authentication    component being configured to receive at least a player password    entered by a player using a the input interface and defined using    password elements selected from a set of elements including one or    more images. The authentication component is preferably configured    to enable access to said one or more gaming features in the event    that a received password is valid.

Preferably the one or more images are game-related images associatedwith a gaming apparatus feature accessible from the gaming apparatus.

The set of elements can also include one or more characters. In apreferred embodiment the characters are selected from a character setincluding one or more of the following kinds of characters:

-   alphabetic characters;-   numerals;-   punctuation marks;-   typographical symbols.

Preferably the game controller is configured to generate at least onegaming apparatus feature interface including one or more game-relatedimages, and wherein said set of elements from which the password isdefined, includes at least one of said game-related images.

The set of elements can include one or more icons representing agame-related image which forms part of said at least one gamingapparatus feature interface.

In a preferred embodiment the set of elements includes one or moreimages selected from at least one of the following classes of images:

-   images representing the rank and/or suit of playing cards,-   images representing one or more symbols used on a reel of a spinning    reel game accessible on the gaming apparatus;-   images representing one or more symbols used in association with a    game accessible via another gaming apparatus;-   images representing animated characters;-   images associated with a theme of the gaming apparatus.

The authentication component can further be configured to receive aplayer name. The player name can be received from the input interface.Alternatively the gaming apparatus can include a token reader and theplayer name can be received from the token reader.

In a preferred embodiment the authentication component can further beconfigured to determine whether the received password is valid.

The authentication component can also be configured to determine whetherthe received password corresponds to password associated with a receivedplayer name.

In a preferred embodiment the gaming apparatus includes a data storagemeans configured to store thereon a user database accessible by theauthentication component. In this embodiment the authenticationcomponent can also be configured to compare a cryptographic hash of thereceived password to a hash value stored in the user database todetermine whether the received password is valid.

In an alternative embodiment the authentication component can beconfigured to cooperate with an authentication server configure todetermine whether a received password is valid.

In a preferred embodiment the input interface includes a touch-screen.In such an embodiment the game controller is configured to generate apassword entry interface for display on the touch-screen, including aplurality of images representative of at least part of the set ofelements and wherein each image is aligned with a respective touchscreen sensor, wherein in use the password entry interface allows aplayer to enter a password by touching selected ones of the displayedimages of the interface.

The invention extends to a gaming apparatus system comprising at leastone gaming apparatus and at least one server, said gaming apparatus andserver being connected by a communication network and being configuredto cooperate to provide player access to one or more gaming apparatusfeatures via said gaming apparatus, said gaming apparatus including, adisplay and a game controller arranged to control images displayed onthe display, a input interface to receive player inputs to the gamingapparatus features accessible from the gaming apparatus; said gamingapparatus system further including a player authentication subsystemconfigured to control access to at least one gaming apparatus feature bya player; said authentication subsystem being configured to receive atleast a player password entered by a player using a the input interfaceand defined using password elements selected from a set of elementsincluding one or more images.

Preferably the one or more images are game-related images associatedwith a gaming apparatus feature accessible from the gaming apparatus.

The set of elements can also include one or more characters. In apreferred embodiment the characters are selected from a character setincluding one or more of the following kinds of characters:*

-   alphabetic characters;-   numerals;-   punctuation marks;-   typographical symbols.

Preferably the game controller is configured to generate at least onegaming apparatus feature interface including one or more game-relatedimages, and wherein said set of elements from which the password isdefined, includes at least one of said game-related images.

The set of elements can include one or more icons representing agame-related image which forms part of said at least one gamingapparatus feature interface.

In a preferred embodiment the set of elements includes one or moreimages selected from at least one of the following classes of images:

-   images representing the rank and/or suit of playing cards,-   images representing one or more symbols used on a reel of a spinning    reel game accessible on the gaming apparatus;-   images representing one or more symbols used in association with a    game accessible via another gaming apparatus forming part of the    gaming apparatus system;-   images representing animated characters;-   images associated with a theme of the gaming apparatus.

The authentication subsystem can further be configured to receive aplayer name. The player name can be received from the input interface.Alternatively the gaming apparatus can include a token reader and theplayer name can be received from the token reader.

The authentication subsystem can also be configured to determine whetherthe received password corresponds to password associated with a receivedplayer name.

In a preferred embodiment the gaming apparatus system includes a datastorage means configured to store thereon a user database accessible bythe authentication component. In this embodiment the authenticationsubsystem can also be configured to compare a cryptographic hash of thereceived password to a hash value stored in the user database todetermine whether the received password is valid.

In a preferred embodiment the authentication subsystem comprises aclient side authentication component running on the gaming apparatus anda server side authentication component running remotely to the gamingapparatus that cooperate to control access to said at least one gamingapparatus feature.

In a preferred embodiment the input interface includes a touch-screen.In such an embodiment the game controller is configured to generate apassword entry interface for display on the touch-screen, including aplurality of images representative of at least part of the set ofelements and wherein each image is aligned with a respective touc-screensensor, wherein in use the password entry interface allows a player toenter a password by touching selected ones of the displayed images ofthe interface.

In a fourth aspect the present invention provides a gaming apparatusinterface configured to enable a user of a gaming apparatus to enter apassword to gain access to at least one gaming apparatus feature, saidpassword being defined using a set of elements including one or moreimages; wherein said interface includes a element display regionconfigured to display plurality of elements comprising at least a subsetof the set of elements for selection by the user.

Preferably the one or more images are game-related images associatedwith a gaming apparatus feature accessible from the gaming apparatus.

The set of elements can also include one or more characters. In apreferred embodiment the characters are selected from a character setincluding one or more of the following kinds of characters:

-   alphabetic characters;-   numerals;-   punctuation marks;-   typographical symbols.

Preferably the subset of elements are displayed in the element displayregion are arranged in an array.

The interface can also include a password display region configured todisplay at least a representation of a number of elements selected by auser when entering a password. In some embodiments the password displayregion configured is configured to display the elements selected by auser when entering a password. In an alternative embodiment a placemarking character may be displayed in the password display region torepresent each element selected by a user when entering a password:

In this specification, where reference is made to gaming apparatusreels, spinning of such reels, symbols appearing on the reels, playingcards, and the like, this is to be taken as including simulated versionsthereof.

BRIEF DESCRIPTION OF THE DRAWINGS

Further aspects of the present invention will become apparent from thefollowing description, given by way of example only and with referenceto the accompanying drawings. In the drawings:

FIG. 1 shows diagrammatically, a view of a gaming apparatus suitable forimplementing the present invention;

FIG. 2 shows a block diagram of gaming apparatus suitable forimplementing the present invention;

FIG. 3 shows a block diagram of components of the memory of the gamingapparatus represented in FIG. 2;

FIG. 4 shows diagrammatically, a network gaming system suitable forimplementing the present invention;

FIG. 5 is a flowchart depicting a process for granting access to a gamefeature according to an embodiment of the present invention;

FIG. 6 depicts a password entry interface according to an embodiment ofthe present invention;

FIG. 7 is a representation of a password string defined using anembodiment of the present invention; and

FIG. 8 depicts a gaming system network according to an embodiment of thepresent invention.

DESCRIPTION OF THE INVENTION

In FIG. 1 of the accompanying drawings, one example of a gaming machinesuitable for implementing the present invention is generally referencedby arrow 10.

The gaming machine 10 includes a console 12 having a display 14 on whichis displayed representations of a game 16, that can be played by aplayer. A mid-trim 20 of the gaming machine 10 houses a bank of buttons22 for enabling a player to play the game 16. The mid-trim 20 alsohouses a credit input mechanism 24 including a coin input chute 24A anda bill collector 24B. A top box 26 may carry artwork 28, including forexample, pay tables and details of bonus awards and other information orimages relating to the game. Further artwork and/or information may beprovided on the front panel 29 of the console 12. A coin tray 30 ismounted beneath the console 12 for cash payouts from the gaming machine10.

The display 14 shown in FIG. 1 is in the form of a video display unit,particularly a cathode ray tube screen device. Alternatively, thedisplay 14 may be a liquid crystal display, plasma screen, any othersuitable video display unit, or the visible portion of anelectromechanical device. In a preferred form the display 14 is atouch-screen configured to act as an input device for the gaming machine10. The top box 26 may also include a display, for example a videodisplay unit, which may be of the same type as the display 14, or adifferent type of display.

FIG. 2 shows a block diagram of a gaming apparatus, generally referencedby arrow 100, suitable for implementing the present invention. Thegaming machine 100 may, for example, operate as a standalone gamingmachine of the type shown in FIG. 1. However, the gaming machine 100 mayalternatively operate as a networked gaming machine, communicating withother network devices, such as one or more servers or other gamingmachines. The gaming machine 100 may also have distributed hardware andsoftware components that communicate with each other directly or througha network. Accordingly, different reference numerals have been used inFIG. 2 from FIG. 1 for components that may be equivalent.

The gaming machine 100 includes a game controller 101, which in theillustrated example includes a microprocessor, microcontroller,programmable logic device or other computational device 102.Instructions and data to control operation of the computational device102 are stored in a memory 103, which is in data communication with thecomputational device 102. Typically, the gaming machine 100 will includeboth volatile and non-volatile memory and more than one of each type ofmemory, with such-memories being collectively represented by the memory103. The instructions to cause the game controller 101 to implement thepresent invention will be stored in the memory 103.

The gaming apparatus may include hardware meters 104 for the purposes ofregulatory compliance and also include an input/output (I/O) interface105 for communicating with the peripheral devices of the gaming machine100. The input/output interface 105 and/or the peripheral devices may beintelligent devices with their own memory for instructions and data.

In the example shown in FIG. 2, the peripheral devices that communicatewith the controller are one or more displays 106, user interfaces 107, acard and/or ticket reader 108, a printer 109, a bill acceptor and/orcoin input mechanism 110 and a coin output mechanism 111. One or more ofthe displays 106 may include a touch screen 106A, forming part of theuser interface 107. Additional devices may be included as part of thegaming machine 100, or devices omitted as required for the specificimplementation.

In a preferred form the card/ticket reader peripheral 108 is used by aplayer tracking service to enable a player to identify themselves to thegaming apparatus (or a related system to which it is connected) as partof a login procedure.

In addition, the gaming machine 100 may include a communicationsinterface, for example a network card 112. The network card, may forexample, send status information, accounting information or otherinformation to a central controller, server or database and receive dataor commands from a the central controller, server or database. Asexplained in more detail in relation to FIG. 4, the computational device102 may include two or more controllers or processors, which may belocal or remote from each other and the displays 106.

FIG. 3 shows an exemplary block diagram of the main components of thememory 103. The RAM 103A typically temporarily holds program files forexecution by the computational controller 102 and related data. TheEPROM 1038 may hold be a boot ROM device and/or may contain some systemor game related code. The mass storage device 103C is typically used tostore game programs, the integrity of which may be verified and/orauthenticated by the computational controller 102 using protected codefrom the EPROM 1038 or elsewhere.

FIG. 4 shows a gaming system 200. The gaming system 200 includes anetwork 201, which for example may be an Ethernet network. Gamingdevices 202, shown arranged in three banks 203 of two gaming devices 202in FIG. 4, are connected to the network 201. The gaming devices 202 maybe gaming machines 10, as shown in FIG. 1 or form part or all of anothergaming machine 100. Single gaming devices 202 and banks 203 containingthree or more gaming devices 202 may also be connected to the network201.

One or more displays 204 may also be connected to the network 201. Thedisplays 204 may, for example, be associated with a bank 203 of gamingdevices. The displays 204 may be used to display representationsassociated with game play on the gaming devices 202, and/or used todisplay other representations, for example promotional or informationalmaterial.

Servers may also be connected to the network 201. For example, a gameserver 205 may generate game outcomes for games played on the gamingdevices 202, a database management server 206 may manage the storage ofgame programs and associated data for downloading or access by thegaming devices 202 in a database 206A, and a jackpot server may controlone or more jackpots associated with the gaming devices 202. A playertracking server 207 may track player statistics and game usage eg. foruse in the delivery of promotions etc. to players. The tracking server207 can cooperate with player tracking peripherals forming part of thegaming devices 203 to allow a player to log into the player trackingsystem.

Further servers may be provided to assist in the administration of thegaming system 200, including for example a gaming floor managementserver 208, and a licensing server 209 to monitor the use of licenses toparticular games. An administrator terminal 210 is provided to allow anadministrator to run the network 201 and the devices connected to thenetwork.

The gaming system 200 may communicate with other gaming systems, otherlocal networks, for example a corporate network and/or a wide areanetwork such as the Internet through a firewall 211.

In the preferred embodiment, the gaming machine 10 of FIG. 1 isconfigured such that a player may be required to “login” to the machine(or network) by entering a user name and password in order to be allowedaccess certain features of the game or gaming machine 10. Typically thelogin process requires the player to enter a user name and correspondingpassword as described below, although in some embodiments only apassword will need to be entered.

In order to implement the login procedure the game controller 101 or adedicated peripheral device operates under the control of a setinstructions, to behave as an authentication component, which controlsthe login procedure and/or performs authentication of passwords or usernames entered.

In the preferred embodiment the authentication component is configuredto allow a user's password to be defined using a set of elementsincluding a plurality of images, e.g. symbols or pictures. Preferablythe set of elements includes at one or more characters. The characterscan be alphabetic characters, numerals, punctuation marks and/or othertypographical symbols. The user's password is entered using either, orboth of the keypad 22 and a plurality of touch-screen sensors associatedwith display 14. Preferably, the pictures or symbols able to be used bya player for his or her password include at least some of those whichare used in the game or games played on the gaming machine 10.

A log-in process in which a player enters a user name and password isdescribed with reference to the flow diagram 300 of FIG. 5. In order todeter unauthorised users from guessing another player's password aplayer is provided with a limited number of attempts to enter thecorrect password before triggering an alert condition. To initiate thelog-in procedure 300 the player, at block 302, is presented with a logininterface on the display 14, which invites the player to enter a username. The user name may be entered by way of a token which is insertedin a token acceptor eg. card reader or player tracking peripheral,connected to the machine 10 eg. a contact or contactless smartcardreader, RFID token reader, magnetic stripe card reader or the like (notshown), or by the player entering his name using key pad 22 (whereprovided) and/or touch-screen sensors of the gaming machine 10.

Next in step 304, the authentication component accesses a list of validuser names (identifiers) stored in a database structure in memory 103and compares the user name with a stored list of valid user names, todetermine if the purported user name is valid at step 306.

If the user name is not on the stored list, it is identified as beinginvalid, and the authentication component sends a message in step 308 toan analysis and monitoring component (not shown) of the gaming machine10 or system to notify it of the attempt to enter an invalid user name.In this event the authentication component denies the player access tothe requested game feature or game, as represented at step 310.

If the user name is on the stored list, it is identified as being valid,and the authentication component then gathers the user's password atstep 312. Typically the game controller will generate a password entryinterface for display on display 14. The interface invites the player,by way of an appropriate message, to enter a password.

The authentication component is configured to allow the use of imagese.g. symbols or pictures to define a password. Optionally theauthentication component can additionally allow one or more charactersto be used to define a password. The characters can be selected from aknown character set such as the ASCII character set or the like. Theuser's password is entered using either, or both of the keypad 22 and atouch-screen interface. Preferably, the pictures or symbols able to beused by a player for his or her password include at least some of thosewhich are used in the game or games played on the gaming machine 10.

The authentication component creates a hash of the password using apredetermined hashing algorithm; then in step 314 compares the hash ofthe received password with a stored password hash associated with therelevant user name to determine whether the entered password is valid.

If the purported password does not correspond to the stored passwordassociated with the particular user name, then the authenticationcomponent identifies the password as being invalid and increments acounter, as represented by the block 316, to track the number of failedattempts by the player to enter the valid password. In this manner, theauthentication component can determine, as represented by the block 318,if there have been more failed attempts than permitted by the system. Ifthere have been too many failed attempts, then the authenticationcomponent notifies the analysis and monitoring component (referred toabove) of the fact of the excessive attempts, as represented by theblock 308, and denies the player access to the gaming apparatus featureas represented by the block 310.

On the other hand, if there has not been an excessive number ofattempts, the authentication component allows the player to attempt,again, to enter the valid password as represented by the block 302.

If the password entered is correct, then, in block 320, theauthentication component 40 clears the recorded number of unsuccessfulattempts by the player to enter the valid password, and then grants theplayer access to the requested gaming apparatus feature as representedby the block 322.

As will be appreciated, players who do not have an existing passwordwill need to go through an account establishment process which is usedto establish a user record, or account accessible by the machine 10.When a password is first defined by a player, the password istransmitted to authenticating module which creates a cryptographic hashof the password and stores the hash in a database stored in the memory103. The system preferably does not store the password itself as enteredby the player.

According to the preferred embodiment the player may select, ascomponents of his desired password, or as the whole password, images orpictures that are displayed on the display 14 of the gaming machine 10.

In the illustrative embodiment, the gaming machine 10 is adapted tosimulate the effect of spinning reels during game-play. The gamingmachine 10 is configured such that the reel images include game symbolscomprising the images representing playing cards, i.e. playing cardswith the ranks of 2 to 10, as well as jacks, queens, kings, aces, andjokers, in each of the suits of cards, being clubs, diamonds, hearts andspades. The reels may also display certain “wild” or “scatter” symbolsthat may be designed in keeping with a theme or character associatedwith the gaming apparatus. Preferably one or all of these “game symbols”are available for players to use as part or all of their passwords.

For example, if the name of the gaming machine 10 is the “Queen of theNile”, then this name may also be represented by an image of an Egyptianqueen which the player may select as part of his or her password. OtherEgyptian themed images can also be used.

Advantageously, this embodiment encourages a player to use a passwordwhich is a sentence in which the themed image such as the “Queen of theNile” constitutes a phrase. Thus, for example, the player may choose hisor her password to be “I LOVE THE QUEEN OF THE NILE GAME”. In anembodiment of the present invention the player can select the string ofletters and images 88 appearing in FIG. 7 to represent this password. Inthis password string 88, the letter “I”, and the words “THE” and “GAME”are made up by selecting traditional alphabetic characters from the setof elements, while the heart symbol and “Queen of the Nile” parts of thepassword are constituted by symbols available on the gaming machine 10.

In an embodiment where the gaming machine 10 is one which relates to asimulated card game, then the heart symbol may be constituted by animage of a heart as used to denote the suit of “hearts”. Passwordsforming sentences such as the present example may be relatively easy fora player to remember due to the meaning attached to them, but are alsodifficult to guess or replicate by brute force due to their long lengthand additional set of symbol-or image-based variables.

As will be appreciated, a wide range of game-related symbols could beincluded in the set of elements from which a password can be defined. Inone preferred embodiment, the images that are made available for aplayer to select as part of a password include symbols and images usedby other gaming apparatus such as machines 202, 203 of FIG. 4 which areconnected to the same gaming apparatus network 200 as the machine 10.

When a player wishes to enter a password, the player may select, as theindividual elements of the password, one or more symbols from the gameplayed on the gaming machine 10. The gaming machine 10 is configuredsuch that these symbols are displayed on an interface in an array in thetouch-screen portion of the display 14. In a preferred embodiment, thesymbols able to be selected by a player also include conventionalalphanumeric characters and symbols forming the whole or part of theASCII character set.

Each symbol presented in the interface is aligned with a correspondingtouch-screen sensor which the player can select by pressing the area ofthe screen in which the symbol appears. In FIG. 6, an example of apassword entry interface 400 including an array, designated 402, ofselectable symbols 404. The interface also includes an “OK” symbol 406which the player can select to confirm the password once the player issatisfied that he or she has entered it correctly. The interface 400also includes, a password display area 408. In the present embodiment,the interface 400 has no input echo, instead a place marking charactersuch as an asterisk may appear in the area 408 for each symbol 404selected by the player, to indicate that a symbol has been selected. Inan embodiment where there is an input echo, a representation of eachsymbol 404 selected will appear.

An advantage of the preferred embodiment of the present invention isthat the symbols that are available for use on the particular gamingmachine 10 or system 2 may be more easily remembered as parts ofpasswords than purely alphanumeric characters traditionally used forpasswords. This advantage can be realised because of the visualimpression created by the images and also, in certain instances, becausethe images can be combined in a password string to relate a story,concept, sequence of events, in a player's mind, as reflected by thestring 88 shown in FIG. 7.

In a gaming environment, a player may remember game-playing events thatmake particular impression on him, such as a significant win.Accordingly, the ability to select, as parts of a password, symbolswhich formed part of a winning combination in a significant win may bedesirable. Indeed, according to one embodiment of the invention, thesystem is adapted to store symbols or combinations of symbols relatingto significant wins and symbols reflecting prize values. For example, ifa player achieves a win of $100 based on a symbol combination consistingof three “pyramid” symbols and two “queen” symbols, the player canchoose as his password symbols representing $100, and one or moresymbols representing or making up the combination of symbols definingthe win. The machine 10 may even be configured to automatically storethe amount of the win and some or all of the winning symbols as apassword or part of a password. Symbols representing entire hands ofcards e.g. a royal flush can also be utilized in embodiments of thepresent invention.

In addition to aiding recollection of passwords and potentiallyencouraging the use of longer passwords, certain embodiments may alsopermit the use of a far greater range of passwords. Traditionally,approximately 95 different ASCII characters are available for use inpasswords. Accordingly, if a password includes a string of eightcharacters, then the number of possible passwords would be 95⁸. However,it will be appreciated that a conventional deck of cards includingjokers, has 54 different cards. Therefore, if the images provided on aparticular gaming apparatus or system, for use as elements of apassword, include representations of the 54 cards of a deck in additionto the aforementioned 95 ASCII characters, then the total number ofcharacters is 149. Thus, the number of possible password variations inthis case is 149⁸.

FIG. 8 depicts an alternative embodiment of the present invention inwhich a plurality of gaming apparatuses are connected to a game servervia a gaming network. The network 600 comprises a central game server602 which is configured to determine the outcome of games played on aplurality of gaming apparatuses 604, 606, 608, 610. The gaming apparatus604 to 610 is substantially the same as the gaming apparatus describedin connection with FIG. 1 and are each connected to the gaming servervia data communication network 612. The network 600 includes anauthentication subsystem which controls player access as describedabove. In this regard each gaming apparatus includes a client sideauthentication component 614, which is typically implemented in softwareand which may include a token reader, which cooperates with a serverside authentication component 616 which forms part of the game server602. The server side authentication component 616 can additionally becoupled to a user database 618 or other database storing userinformation such as financial account data and the like. As will beappreciated by those skilled in the art, a method of the type describedabove in connection with FIG. 5 can be used to identify and authenticatea user with only slight variation. In this regard, the client sideauthentication component 614 of a gaming apparatus e.g. 604 will controlthe client side functions of the authentication process such asprompting a user to enter his or her user name and/or password andcreating cryptographic hash of the data entered. The serverauthentication component 616 performs the server side functions of themethod including checking the validity of user names against the recordsstored in the user database 618 (if applicable) and comparing thecryptographic hash value of a password sent via the client sideauthentication component 614 to the hash value stored in the userdatabase 618.

In certain embodiments it may be advantageous for individual gamingapparatuses (or groups of gaming apparatuses) to encode the set ofelements available to its users for defining a password in a differentmanner to other gaming apparatuses (or groups of gaming apparatuses).For example, although the image of a “King” selectable by a player ofgaming apparatus 604 for inclusion in a password may be identical inappearance to the “King” selectable by a player of gaming apparatus 606,these “Kings” can each be assigned a different character value, that isthey can be considered as different characters for the purpose ofdefining passwords.

In certain embodiments a player (e.g. of apparatus 604) can be allowedto define his or her password using the set of available charactersprimarily defined for use with another apparatus (e.g. apparatus 606).In such an example the player might be able to choose 2 types ofidentical looking “Kings” for use in his or her password, one king beingencoded as per gaming apparatus 604 and the other being encoded as pergaming apparatus 606. Advantageously during the entry of his or herpassword, a player can use the gaming apparatus interface to alternatebetween display screens showing the character sets encoded for thedifferent apparatuses. Alternatively a plurality character setscorresponding to different gaming apparatuses (or groups of apparatuses)can be simultaneously displayed.

Such an embodiment can be advantageous as it may allow the charactersand images making up a password to be viewed by a third party withoutentirely revealing the actual password.

Those skilled in the art will appreciate that there are many variationson the client-server model which can be employed to implementauthentication process in accordance with an embodiment of the presentinvention, and accordingly that the client-server embodiment describedherein is given merely by way of example and the present inventionshould not be considered limited to this embodiment.

In alternative embodiments a stand-alone authentication server could beused in place of the server side authenticating component 616.

As will be appreciated the authentication methods described above inconnection with the illustrative embodiments, and variations thereof,can be used to verify user's identity for a range of activities inconnection with the use of a gaming apparatus or gaming apparatusnetwork. The following list sets out a non-exhaustive set of exemplarysituations in which a players identity could be required or requested. Aplayer may be asked to enter a password (with or without a username):

-   -   to begin playing a game;    -   to lock a apparatus for short periods using, and to subsequently        unlock the apparatus;    -   to take advantage of a royalty program of which the player is a        member;    -   to identify themselves in order to gain access to money, credits        or complementary games stored in a player account, held by the        gaming establishment, financial institution or the like;    -   to take part in cooperative or team games;    -   to have a set of preferences loaded in the apparatus in order to        tailor the operation or interface of the apparatus to their        liking;    -   to resume a previous game at a particular point.

Other reasons for needing to identify and/or authenticate a player of agaming apparatus will be readily apparent to those skilled in the art.

While the foregoing description has been provided by way of example ofthe preferred embodiments of the present invention as presentlycontemplated, which utilise gaming apparatus and machines, those skilledin the relevant arts will appreciate that the present invention also mayhave application to internet gaming and/or have application to gamingover a telecommunications network, where handsets are used to displaygame outcomes and receive player inputs.

Where in the foregoing description reference has been made to integershaving known equivalents, then those equivalents are hereby incorporatedherein as if individually set forth.

Those skilled in the relevant arts will appreciate that modificationsand additions to the embodiments of the present invention may be madewithout departing from the scope of the present invention.

It will be understood that the invention disclosed and defined in thisspecification extends to all alternative combinations of two or more ofthe individual features mentioned or evident from the text or drawings.All of these different combinations constitute various alternativeaspects of the invention.

It will also be understood that the term “comprises” (or its grammaticalvariants) as used in this specification is equivalent to the term“includes” and should not be taken as excluding the presence of otherelements or features.

The invention claimed is:
 1. A method of operating a gaming apparatusconfigured to provide player access to one or more gaming apparatusfeatures, at least one of said gaming apparatus features comprisinginitiating play of a game using a plurality of game symbols and having agame outcome determined by said game symbols, the gaming apparatushaving a credit input mechanism configured to accept a credit forestablishing a credit balance, a game controller, a random numbergenerator, a memory storing data of a plurality of elements includingone or more images and password elements, an input interface, and adisplay, said method comprising: displaying on the display a number ofthe elements including one or more images from the memory; receiving viathe input interface at least a player password defined using passwordelements selected from the number of elements including one or moreimages displayed on the display, wherein at least one of said one ormore images comprises one of said game symbols used for determining saidgame outcome; determining via the game controller whether the receivedpassword is valid; and providing player access to at least one gamingapparatus feature in view of the credit balance in the event that thereceived password is valid.
 2. The method of claim 1, wherein saidreceiving comprises displaying for user input a plurality of said one ormore images including said one of said game symbols used for determiningsaid game outcome.
 3. The method of claim 1, wherein the player passwordfurther comprises at least one alphanumeric character selected from agroup comprising an alphabetic character, a numeral, a punctuation mark,and a typographical symbol.
 4. The method of claim 1, wherein the atleast one or more images further comprises one or more of the followingimage types: an image representing a rank and a suit of a playing card;an image representing a symbol used on a reel of a spinning reel gameaccessible on the gaming apparatus; an image representing a symbol usedin association with a gaming feature accessible from another gamingapparatus; an image representing an animated character; an imageassociated with a theme of the gaming apparatus; or an image associatedwith a theme of the gaming feature.
 5. The method of claim 1, furthercomprising defining the predefined player password associated with aplayer identity information of a player at an interface of the gamingapparatus.
 6. The method of claim 1, wherein said determining whetherthe received password is valid comprises comparing a cryptographic hashvalue of the received player password to a stored cryptographic hashvalue of a predefined player password.
 7. The method of claim 1, whereinsaid determining whether the received password is valid comprises:counting a number of times the received player password fails tocorrespond with the predefined player password associated with theplayer identity information during a gaming session; continuing toreceive another player password if the counted number is less than apredetermined number; and discontinuing reception of further playerpasswords during the session once the counted number is greater than thepredetermined number.